[ntp:security] Odp.: After sending messaged with optional field set, the NTP server stops responding

Robert Pajak robert.pajak at pl.abb.com
Wed Sep 7 12:25:04 UTC 2016


Missing attachments added.

________________________________
Od: Robert Pajak
Wysłane: 7 września 2016 07:58:49
Do: security at ntp.org
DW: Anand Vaishakh; Shwetha Shetty; Piotr Filipek; techsupport at meinberg.de
Temat: After sending messaged with optional field set, the NTP server stops responding


Dear NTP Team,


We would like to report that during Security Testing of Meinberg NTP (Windows NTP port) we have probably found some stability/security issue. We first reported the issue to Meinberg but they redirected us to you.


In short: After sending messaged with optional field set, the NTP server stops responding.



Testing environment:

- Windows 7 Ultimate Service Pack 1

- Meinberg NTP version: 4.2.8p8


Repro steps:

1.       Application processed NTP request without extension field, from test tool properly and gives a proper server response(packet number 102-103) - just to check if everything is fine

[cid:0deedeb8-70d0-44f6-9730-6cb67cf4a8e7]



2.        Application received 6 NTP requests with extension field enabled from test tool (104-113) but not responding - this so far acceptable according to the NTP documentation

[cid:ce225d3c-7e92-42e9-bbb6-46491f588dd5]



3.       Test tool sent more NTP requests again without enabling extension field (Packet number 114 to 134) and application is still not responding with a proper server message - INPROPER BEHAVIOR

[cid:08233b18-392a-4322-935d-95f91c9d1220]



A pcap file and ntp configuration file are attached to this message.


NTP Event Log:

[cid:c2af5483-042f-420f-935f-372abe0597b2]



Please contact us if any more information is needed and also if we are doing something wrong.



Kind regards

[cid:image001.png at 01CF9460.A77B7150]


Robert Pająk

ABB Business Services Sp. z o. o.

Software Development Center
Starowiślna 13, 31-038, Kraków, PL
Phone: +48 22 223 9866

ABB Contact Center: +48 2222 3 8762
Email: robert.pajak at pl.abb.com<mailto:robert.pajak at pl.abb.com>





'

ABB Business Services Sp. z o.o. z siedzibą w Warszawie, adres: Warszawa 04-713, ul. Żegańska 1, wpisana do Rejestru Przedsiębiorców Krajowego Rejestru Sądowego prowadzonego w Sądzie Rejonowym dla m. st. Warszawy, XIII Wydział Gospodarczy Krajowego Rejestru Sądowego pod nr KRS 0000346179, nr REGON: 142142520, nr NIP 952-208-16-05, kapitał zakładowy 50.000,00 zł. ABB Business Services Sp. z o.o. with registered seat at 1 Żeganska Street, 04-713 Warsaw, Poland, registered in the Register of Entrepreneurs of the Polish Court Register maintained by the District Court for the Capital City of Warsaw, XIII Economic Department, under KRS No. 0000346179, REGON No. (statistical number): 142142520, NIP No. (taxpayer identification number) PL9522081605, share capital: 50,000.00 PLN.
________________________________
UWAGA: Niniejsza wiadomość jest przeznaczona wyłącznie dla wskazanego w niej odbiorcy i może zawierać informacje poufne. Jeżeli otrzymali Państwo tę wiadomość omyłkowo lub nie jesteście Państwo jej adresatem niniejszym informujemy, że przeglądanie, kopiowanie lub rozpowszechnianie tej informacji jest zabronione. Prosimy o niezwłoczne poinformowanie nadawcy o omyłkowym otrzymaniu tej wiadomości oraz o jej usunięcie wraz z ewentualnymi załącznikami. Dziękujemy.

Informujemy, że prawa własności intelektualnej do niniejszej wiadomości wraz z załącznikami mogą należeć do ABB.

ATTENTION: This e-mail message is intended only for the named recipient(s) above and may contain confidential information. If you have received this message in error, or are not the named recipient(s), you are hereby notified that any review, copying or distribution of this transmittal is prohibited. Please immediately notify the sender and delete this e-mail message from your computer. Thank you. You are hereby notified that ABB may be the owner of the intellectual property rights to this e-mail message and its enclosures. ';
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntp.org/private/security/attachments/20160907/f76d4e83/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Image636088247292670429
Type: image/png
Size: 60821 bytes
Desc: Image636088247292670429
URL: <http://lists.ntp.org/private/security/attachments/20160907/f76d4e83/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Image636088247293371060
Type: image/png
Size: 62845 bytes
Desc: Image636088247293371060
URL: <http://lists.ntp.org/private/security/attachments/20160907/f76d4e83/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Image636088247293441123
Type: image/png
Size: 64517 bytes
Desc: Image636088247293441123
URL: <http://lists.ntp.org/private/security/attachments/20160907/f76d4e83/attachment-0007.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Image636088247293641299
Type: image/png
Size: 4622 bytes
Desc: Image636088247293641299
URL: <http://lists.ntp.org/private/security/attachments/20160907/f76d4e83/attachment-0008.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Image636088247293691348
Type: image/png
Size: 774 bytes
Desc: Image636088247293691348
URL: <http://lists.ntp.org/private/security/attachments/20160907/f76d4e83/attachment-0009.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ntp.conf
Type: application/octet-stream
Size: 1305 bytes
Desc: ntp.conf
URL: <http://lists.ntp.org/private/security/attachments/20160907/f76d4e83/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: NTP_issue_final.pcap
Type: application/octet-stream
Size: 28699 bytes
Desc: NTP_issue_final.pcap
URL: <http://lists.ntp.org/private/security/attachments/20160907/f76d4e83/attachment-0003.obj>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ntp_log.txt
URL: <http://lists.ntp.org/private/security/attachments/20160907/f76d4e83/attachment-0001.txt>


More information about the security mailing list